Legal · Privacy

Privacy Policy

Last updated: May 5, 2026
Important: Reaux Health is required by law to maintain the privacy and security of your Protected Health Information (PHI). This Privacy Policy and Notice of Privacy Practices describes how we collect, use, share, and safeguard your information through the Reaux Health Website, App, and Services. If you do not agree to this Policy, please do not use our Services.
Section 01

Introduction

Reaux Health, LLC and its affiliates (collectively, “Reaux Health,” “we,” “our,” or “us”) are committed to protecting your privacy and the security of your personal and health information. This Privacy Policy and Notice of Privacy Practices (“Policy”) describes how we collect, use, disclose, and safeguard your information when you:

  • Visit any Reaux Health website that links to this Policy (the “Website”);
  • Use the Reaux Health patient portal or any associated mobile application (the “App”);
  • Enroll in or use any Reaux Health subscription service; or
  • Otherwise provide data to Reaux Health in connection with our administrative services.

We refer to the Website, App, patient portal, and all related services collectively as the “Services.” This Policy is incorporated into our Terms of Service. Capitalized terms not defined here have the meanings assigned in the Terms of Service.

Reaux Health operates as a Management Services Organization (“MSO”). We provide non-clinical administrative and technology infrastructure to independent, licensed healthcare providers (“Providers”) who deliver telehealth-based clinical services directly to patients. All clinical care, including diagnoses, treatment plans, and prescriptions, is provided solely by independent Providers, not by Reaux Health. This Policy covers information that flows through Reaux Health's administrative infrastructure in connection with those services.

Section 02

Your information. Your rights. Our responsibilities.

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Reaux Health is required by law to maintain the privacy and security of your Protected Health Information (“PHI”). We are committed to following the duties and privacy practices described in this Policy and to providing you with a copy upon request.

Section 03

Your rights regarding your health information

When it comes to your health information, you have certain rights under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and applicable state law. This section explains those rights and our responsibilities to help you exercise them.

3.1 Right to access your medical record

You have the right to request a copy of your medical record and other health information we maintain about you, in electronic or paper form.

  • To request access, contact our Privacy Officer at privacy@reauxhealth.com or through your patient portal.
  • We will provide a copy or summary of your health information, generally within 30 days of your request.
  • We may charge a reasonable, cost-based fee for copies.
  • We may deny access in limited circumstances permitted by HIPAA and will provide a written explanation if we do.

3.2 Right to request corrections

You have the right to ask us to correct health information about you that you believe is incorrect or incomplete.

  • To request a correction, contact our Privacy Officer in writing at privacy@reauxhealth.com.
  • We may deny your request, but we will tell you why in writing within 60 days.
  • Even if we deny a correction, you have the right to submit a statement of disagreement that will be maintained with your record.

3.3 Right to confidential communications

You have the right to ask us to contact you using a specific method or at a specific location.

  • For example, you may ask us to contact you only by email at a specific address, or only by mail to a designated address.
  • We will accommodate all reasonable requests. You do not need to give us a reason for your request.

3.4 Right to request restrictions on use and disclosure

You have the right to ask us not to use or share certain health information for treatment, payment, or healthcare operations.

  • We are not required to agree to every restriction request and may decline if it would affect your care.
  • If you pay for a service out-of-pocket in full, you may ask us not to share that information for payment purposes with a health insurer. We will agree to this restriction unless required by law to share.

3.5 Right to an accounting of disclosures

You have the right to request a list of the times we have shared your health information for purposes other than treatment, payment, and healthcare operations.

  • You may request an accounting of disclosures going back up to six years from the date of your request.
  • We will include who we shared it with, the date, a description of the information, and the reason for disclosure.
  • We will provide one accounting per year at no charge. We may charge a reasonable fee for additional requests within 12 months.

3.6 Right to a copy of this Policy

You may request a paper copy of this Privacy Policy and Notice of Privacy Practices at any time, even if you have agreed to receive it electronically. We will provide a copy promptly upon request.

3.7 Right to designate a personal representative

If you have given someone medical power of attorney, or if someone is your legal guardian, that person may exercise your privacy rights and make choices about your health information on your behalf. We will verify that person's authority before taking action.

3.8 Right to file a complaint

You have the right to file a complaint if you believe we have violated your privacy rights. You will not be penalized or retaliated against in any way for filing a complaint.

To file a complaint with Reaux Health, contact our Privacy Officer:
Reaux Health, LLC
Privacy Officer
1 E Erie St, Suite 525-3120,
Chicago, IL 60611
privacy@reauxhealth.com

To file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights:

Section 04

Your choices

For certain health information, you can tell us your preferences about how we share your information. Where you have a clear preference, please contact us and we will follow your instructions.

4.1 Sharing with family, friends, or caregivers

You have the right to tell us whether you want us to share information with family members, close friends, or others involved in your care. If you are unable to communicate your preference, for example, in a medical emergency, we may share information if we believe it is in your best interest or when needed to address a serious and imminent threat to health or safety.

4.2 Information we will never share without your written permission

We will not use or share your information for the following purposes without your explicit written authorization:

  • Marketing or advertising purposes
  • Sale of your personal information or PHI
  • Most disclosures of psychotherapy notes (if applicable)
  • Any other purpose not described in this Policy

If you authorize such use and later change your mind, you may revoke your authorization in writing at any time. Revocation does not affect uses already made in reliance on your prior authorization.

4.3 Fundraising

If Reaux Health ever contacts you for fundraising purposes, you have the right to opt out of future fundraising communications by notifying us in writing at privacy@reauxhealth.com.

Section 05

Information we collect

5.1 Protected Health Information (PHI)

In connection with services arranged through our Platform, we may collect or receive PHI as defined under HIPAA, including:

  • Name, date of birth, gender, and contact information
  • Medical history, current diagnoses, and existing health conditions
  • Current medications, allergies, and prior treatments
  • Weight, height, body mass index, and related biometric data
  • Health questionnaire and intake form responses
  • Treatment plans and clinical notes created by your Provider
  • Prescription information transmitted to pharmacy partners
  • Appointment scheduling and follow-up records

5.2 Personal Information (Non-PHI)

We also collect personal information that may not constitute PHI, including:

  • Account credentials (email address and password)
  • Billing and payment information (processed securely through Stripe; Reaux Health does not store full payment card numbers)
  • IP address, device type, browser type, and operating system
  • Platform usage data, session duration, and navigation behavior
  • Communications you send to us through the patient portal or support channels

5.3 Information from third parties

We may receive information about you from:

  • Independent Providers using the Platform to deliver clinical services
  • Partner compounding pharmacies fulfilling prescriptions
  • Stripe, our payment processor via Healthie
  • Healthie, our HIPAA-compliant Electronic Medical Records (EMR) platform
  • Analytics and technology vendors, subject to applicable privacy agreements

5.4 Automatically collected information

When you visit our Website or use our App, we may automatically collect:

  • Log data such as access times, pages viewed, and referring URLs
  • Device identifiers and browser fingerprints
  • Location data at the city or region level (derived from IP address)
  • Cookies and similar tracking technologies (see Section 9)
Section 06

How we use your information

6.1 Treatment coordination

We use and share your health information to facilitate your access to clinical services through independent Providers.

Example: We route your completed intake questionnaire to your assigned Provider so they can review your health profile and make an independent clinical determination.

6.2 Platform operations and healthcare administration

We use your information to operate the Platform, manage your account, and support the administrative functions that facilitate your care.

Example: We use your contact information to send appointment reminders, follow-up scheduling prompts, and account notifications.

6.3 Billing and payment processing

We use your information to to support billing and account administration and to facilitate processing of your subscription payments through our authorized third-party payment processor.

Example: We transmit limited billing information to our payment processor (Stripe) so your subscription payment can be processed. We do not share clinical PHI with Stripe beyond what is necessary for billing.

6.4 Pharmacy coordination

Following your Provider's independent prescribing decision, your provider will administratively transmit prescription information to our partner pharmacies for fulfillment and shipping logistics.

Example: After your Provider issues a prescription, your provider will then coordinate with the dispensing pharmacy to initiate preparation and arrange shipping to your address.

6.5 Safety and legal compliance

We may use or disclose your information:

  • To prevent or reduce a serious and imminent threat to health or safety
  • To comply with applicable federal and state law
  • To respond to court orders, subpoenas, or lawful government requests
  • To support public health activities, including reporting of adverse drug reactions and disease prevention efforts
  • In connection with workers' compensation claims or law enforcement requests as permitted by law

6.6 Research and quality improvement

We may use de-identified or aggregated data for internal quality improvement and, in limited circumstances, for health research. Any use of PHI for research purposes will be conducted only with appropriate patient authorization or pursuant to a waiver approved by an Institutional Review Board (IRB) in compliance with HIPAA.

6.7 Business operations

We may use non-PHI personal information to:

  • Improve Platform functionality and user experience
  • Analyze usage trends and optimize our services
  • Communicate with you about Platform updates, new features, or service changes
  • Detect, investigate, and prevent fraudulent or unauthorized activity
Section 07

How we disclose your information

We do not sell your personal information or PHI to third parties for commercial or advertising purposes. We share your information only as described below.

7.1 Independent healthcare providers

We share your intake information and health questionnaire responses with the independent licensed Providers assigned to review your profile. Providers access this information solely to make independent clinical determinations. Providers are Covered Entities under HIPAA and are independently responsible for the privacy of your clinical records.

7.2 Partner pharmacies

When your Provider issues a prescription, the information needed to fill it is exchanged between your Provider and a licensed compounding pharmacy for treatment and fulfillment. Reaux Health does not share your prescription information with the pharmacy; that exchange occurs directly between your Provider and the pharmacy. Each pharmacy is an independently licensed entity that handles your health information under its own legal and professional obligations, including HIPAA and applicable pharmacy laws.

7.3 Technology and service vendors

We share information with vendors who support our Platform operations, including:

  • Healthie (EMR platform): subject to a HIPAA-compliant BAA
  • Stripe (payment processing): subject to applicable data processing terms
  • Cloud infrastructure and hosting providers: subject to security and confidentiality agreements
  • Analytics and communication tools: limited to non-PHI data only

Technology and service vendors that we engage to handle protected health information on our behalf are required to maintain a HIPAA-compliant Business Associate Agreement with Reaux Health and are contractually obligated to protect your information. Independently licensed parties that receive your information directly to provide your care, including your Provider and the dispensing pharmacy, are responsible for it under their own legal and professional obligations, including HIPAA.

7.4 Legal and regulatory disclosures

We may disclose your information:

  • As required by federal or state law, including to the U.S. Department of Health and Human Services
  • In response to a valid court order, subpoena, or lawful government request
  • To cooperate with health oversight agencies for activities authorized by law
  • For workers' compensation, law enforcement, military, national security, or presidential protective services as permitted by law
  • To a coroner, medical examiner, or funeral director when legally required
  • To organ procurement organizations when applicable

7.5 Business transfers

In the event of a merger, acquisition, sale of assets, or other business transaction, your information may be transferred to a successor entity. We will provide notice of any such transfer and ensure that the successor entity is bound by privacy protections consistent with this Policy and applicable law.

7.6 With your authorization

We will disclose your information for any other purpose only with your prior written authorization. You may revoke any such authorization in writing at any time, provided that revocation will not affect disclosures already made.

Section 08

Our responsibilities

Reaux Health is committed to the following responsibilities with respect to your health information:

  • We are required by law to maintain the privacy and security of your Protected Health Information.
  • We will notify you promptly if a breach occurs that may have compromised the privacy or security of your information, in accordance with the HIPAA Breach Notification Rule and applicable Illinois law.
  • We must follow the duties and privacy practices described in this notice and will give you a copy upon request.
  • We will not use or share your information other than as described in this Policy unless you provide written authorization.
  • We will honor your request to revoke an authorization at any time, and such revocation will apply to future uses and disclosures.
  • We will train our staff on privacy and security obligations and enforce this Policy.
  • We will maintain and enforce Business Associate Agreements with all vendors who access PHI on our behalf.

For more information about HIPAA and your rights, visit www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.

Section 09

Cookies and tracking technologies

We use cookies and similar technologies on our Website and App to enhance your experience and analyze Platform performance.

9.1 Types of cookies we use

  • Strictly necessary cookies: Required for the Platform to function and cannot be disabled without disrupting core services (e.g., session authentication, security tokens). These also remember your cookie choices on this device.
  • Analytics cookies: Help us understand how visitors use our Website so we can improve it. We use an analytics provider (PostHog) that sets first-party cookies to collect information such as pages viewed, links and buttons clicked, scrolling, mouse movement, and site performance. We may also record session replays of how pages are used, with the contents of form fields and inputs masked so anything you type is not captured. Analytics run on our marketing Website only and are not used on the patient intake flow or care portal. You can turn analytics off at any time (see 9.2).
  • Preference cookies: Remember your settings and choices, such as your cookie preferences.

9.2 Your cookie choices

When you first visit our Website, a cookie banner lets you accept analytics cookies or open Cookie Settings to choose what you allow. Analytics are on by default, and you can opt out at any time; your choice is saved on your device so we don't ask again on every visit. You can also control cookies through your browser, which most browsers allow you to block or delete, though disabling strictly necessary cookies may impair Platform functionality. You can change or withdraw your choice whenever you like:

Manage cookie settings

9.3 Do Not Track and Global Privacy Control

Some browsers and extensions transmit “Do Not Track” (DNT) or Global Privacy Control (GPC) signals. Our analytics are configured to honor these: when your browser sends a DNT or GPC signal, we do not load analytics or collect information about your visit, and the cookie banner is not shown.

Section 10

Telehealth-specific privacy protections

Reaux Health takes additional measures to protect your privacy in the telehealth environment, consistent with the Illinois Telehealth Act (410 ILCS 151/) and applicable federal telehealth privacy standards.

  • All clinical communications through the Platform are conducted through secure, HIPAA-compliant encrypted channels.
  • Our EMR platform (Healthie) uses end-to-end encryption for all clinical data in transit and at rest.
  • Telehealth consultations conducted through the Platform are not recorded without your prior written consent.
  • We implement technical safeguards, including multi-factor authentication, access controls, and audit logging, to prevent unauthorized access to telehealth sessions and related information.
  • Platform staff receive specialized training on privacy practices specific to telehealth environments.
  • We maintain comprehensive audit trails of all administrative access to PHI within our infrastructure.
  • Independent Providers using our Platform are responsible for maintaining privacy in their own clinical environment and are independently required to comply with HIPAA and applicable state telehealth laws.
Section 11

Data security

Reaux Health implements a comprehensive security program to protect your information from unauthorized access, use, alteration, or disclosure. Our safeguards include:

  • Administrative safeguards: Privacy and security policies, workforce training, access management procedures, and vendor oversight.
  • Physical safeguards: Secure data centers with physical access controls managed by our cloud infrastructure providers.
  • Technical safeguards: TLS/SSL encryption for data in transit, AES-256 encryption for data at rest, multi-factor authentication, role-based access controls, intrusion detection, and continuous security monitoring.
  • Incident response: A documented breach response plan consistent with HIPAA Breach Notification requirements and Illinois law.
  • Cyber liability insurance: We maintain cyber liability insurance coverage to support incident response and notification obligations.

No security system is completely impenetrable. In the event of a data breach that affects your PHI or personal information, we will notify you as required by the HIPAA Breach Notification Rule and applicable Illinois and federal law, and will take all reasonable steps to investigate and mitigate harm.

Section 12

Data retention

We retain your information for as long as necessary to provide services, fulfill legal and regulatory obligations, and resolve disputes:

  • Medical records: Retained in accordance with Illinois medical records retention requirements. For adult patients, this is generally a minimum of ten (10) years from the date of the last service.
  • Account and administrative data: Retained for the duration of your subscription and for a reasonable period thereafter as required for legal compliance, dispute resolution, and fraud prevention.
  • Payment records: Retained as required by applicable financial and tax regulations.
  • PHI in administrative systems: Retained only as long as necessary to fulfill the specific administrative function for which it was collected, and securely deleted or de-identified thereafter in accordance with HIPAA Safe Harbor or Expert Determination standards.

Upon written request, we will provide information about the retention period applicable to your specific data categories, subject to applicable law.

Section 13

Children's privacy

The Reaux Health Platform is intended for individuals 18 years of age and older. We do not knowingly collect personal information from minors under the age of 18 without verifiable parental consent. If we become aware that we have collected information from a minor without appropriate consent, we will promptly delete such information. If you believe we have inadvertently collected information from a minor, please contact us at privacy@reauxhealth.com.

Section 14

Third-party websites and services

Our Website or communications may contain links to third-party websites or services. This Policy does not apply to those third-party sites, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party sites you visit.

Section 15

Illinois resident privacy rights

If you are an Illinois resident, you have the following additional rights under the Illinois Personal Information Protection Act (PIPA) (815 ILCS 530/) and related state statutes:

15.1 Right to breach notification

If a security breach occurs that involves your personal information, Reaux Health will notify you in the most expedient time possible and without unreasonable delay, in compliance with the Illinois Personal Information Protection Act. Notification will describe the nature of the breach, the categories of information involved, and the steps we are taking to respond.

15.2 Right to access and deletion

Illinois residents may request access to the personal information we maintain about them and may request deletion of personal information, subject to applicable retention requirements under HIPAA, Illinois medical records law, and other legal obligations. To submit a request, contact privacy@reauxhealth.com.

15.3 Biometric privacy

Reaux Health does not currently collect biometric identifiers as defined under the Illinois Biometric Information Privacy Act (BIPA) (740 ILCS 14/). If this changes, we will update this Policy and obtain any required consent before collecting such information.

Section 16

Multi-state operations and future expansion

Reaux Health currently operates in Illinois. As we expand to additional states, this Policy will be supplemented with state-specific addenda as required by applicable law, addressing each state's specific informed consent, telehealth, medical records privacy, and consumer privacy requirements.

Patients located in states other than Illinois at the time of service should contact us at privacy@reauxhealth.com for information about their state-specific rights once Reaux Health begins serving their state.

Section 17

Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify you of material changes by:

  • Posting the updated Policy on our Website with a revised Effective Date
  • Sending an email notification to your registered account address for material changes
  • Displaying a prominent notice on the Platform when you next log in

Changes to this Policy apply to all information we hold about you, including information collected before the change. Your continued use of the Services after the effective date of the updated Policy constitutes your acceptance of the changes. If you do not agree to the changes, you should discontinue use of the Services and contact us to request deletion of your information to the extent permitted by law.

We will maintain prior versions of this Policy for at least three (3) years and will make them available upon request.

Section 18

Contact us and Privacy Officer

If you have questions, concerns, or requests related to this Privacy Policy, your rights, or your health information, please contact our Privacy Officer:

Reaux Health, LLC, Privacy Officer
Email: privacy@reauxhealth.com
1 E Erie St, Suite 525-3120,
Chicago, IL 60611

For HIPAA-specific complaints or inquiries, you may also contact the U.S. Department of Health and Human Services:

Office for Civil Rights, HHS
200 Independence Avenue, S.W., Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/

This Privacy Policy and Notice of Privacy Practices applies to Reaux Health, LLC and all Providers, staff, and Business Associates operating through the Reaux Health Platform.
‍Effective Date: May 5, 2026